Winlogbeat

Lightweight Shipper for Windows Event Logs

Keep a pulse on what’s happening across your Windows-based infrastructure. Winlogbeat live streams Windows event logs to Elasticsearch and Logstash in a lightweight way.

Get Product Updates

Read from Any Windows Event Log Channel

There’s a lot to learn from your Windows event logs. Interested in security events like logons (4624) and logon failures (4625)? How about when a USB storage device is attached (4663) or new software is installed (11707)? Winlogbeat can be configured to read from any event log channel. It also ships raw event data in a structured format to make filtering and aggregating in Elasticsearch easier than ever before.

Ship to Elasticsearch or Logstash. Visualize in Kibana.

Winlogbeat is part of the Elastic Stack, meaning it works seamlessly with Logstash, Elasticsearch, and Kibana. Whether you want to apply a bit more transformation muscle to Windows event logs with Logstash, fiddle with some analytics in Elasticsearch, or build and share dashboards in Kibana, Winlogbeat makes it easy to ship your data to where it matters most.